River Tarnell wrote:

apache logfiles (/var/log/apache/access) have now been modified to not include the remote client's IP (it will show 127.0.0.1 instead). real logs are available in /var/log/apache/private/access for people in the 'privlogs' group.

Thanks again for that. However, we've been talking on IRC about alternatives, since there are some things that rely on the client IP - Interiot's TSTOC thingy for instance, and it's nice to have for webalizer, too.

We have discussed the following:

a) make a script that replaces the IP by a hash value (MD5 or something). That way, counting unique clients is still possible without exposing the IP. This could be done by a per script wither live using tail -F, or regularly using cron. The script would need access to the real logs, of course. And we would still need the current public log that has 127.0.0.1 for everything, so tools that rely on apache log format don't get confused.

Assuming that it's OK to know the IPs of people that visit our tools on the toolserver explicitly, but not to know the IPs of WP visitors that unknowingly leave a trace on the toolserver along with a visited page and date/time, there are more options:

b) create a subdomain/virtual host for the hit counter. That virtual host would have a separate, anonymized log. The "normal" tools would have a full log with client IPs - they can find out the IP anyway.

c) similarly, requests/logging for the hit counter could be done by lighttpd or something similar; Maybe that's faster than apache, I don't know. All we need is logging, really.

I just put this here for reference, and as something to think about.

Regards Daniel